Sponsored Ads

The Web Security Mailing List

The RIAA website was apparently vulnerable to a SQL Injection vulnerability and had it's website
deleted.

"It’s a weekend, and a holiday weekend to boot, so the site might stay
this way for some time. Someone apparently used SQL injection to wipe,
and we do mean wipe, the website of the Recording Industry Association
of America (RIAA) clean of content. (In case they’ve fixed the site,
click the empty “Who We Are” statement above to see what their homepage
looked like at the time of this writing.)

Since the RIAA is usually chasing after pirates of copyrighted
and copy-protected material, call it … well, call it what you will.

It started on Reddit,
where a link to a really slow SQL query was posted. The post said “This
link runs a slooow SQL query on the RIAA’s server. Don’t click it; that
would be wrong.”

Of course, no one listened to that tongue-in-cheek warning.
While some users were messing around changing links to point the Pirate
Bay (below), for example, someone allegedly wiped the site’s entire
database."